1
0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2024-12-25 07:47:05 +00:00
Commit Graph

2286 Commits

Author SHA1 Message Date
Joshua Tauberer
11e84d0d40 Move automatically generated aliases to a separate database table
They really should never have been conflated with the user-provided aliases.

Update the postfix alias map to query the automatically generated aliases with lowest priority.
2021-09-24 08:11:36 -04:00
Joshua Tauberer
79966e36e3 Set a cookie for /admin/munin pages to grant access to Munin reports
The /admin/munin routes used the same Authorization: header logic as the other API routes, but they are browsed directly in the browser because they are handled as static pages or as a proxy to a CGI script.

This required users to enter their email username/password for HTTP basic authentication in the standard browser auth prompt, which wasn't ideal (and may leak the password in browser storage). It also stopped working when MFA was enabled for user accounts.

A token is now set in a cookie when visiting /admin/munin which is then checked in the routes that proxy the Munin pages. The cookie's lifetime is kept limited to limit the opportunity for any unknown CSRF attacks via the Munin CGI script.
2021-09-24 08:11:36 -04:00
Joshua Tauberer
66b15d42a5 CHANGELOG entries 2021-09-24 08:11:36 -04:00
drpixie
df46e1311b
Include NSD config files from /etc/nsd/nsd.conf.d/*.conf (#2035)
And write MIAB dns zone config into /etc/nsd/nsd.conf.d/zones.conf. Delete lingering old zones.conf file.

Co-authored-by: Joshua Tauberer <jt@occams.info>
2021-09-24 08:07:40 -04:00
KiekerJan
e54dc19854 slightly change dns resolver call 2021-09-21 22:17:10 +02:00
Elsie Hupp
353084ce67
Use "smart invert" for dark mode (#2038)
* Use "smart invert" for dark mode

Signed-off-by: Elsie Hupp <9206310+elsiehupp@users.noreply.github.com>

* Add more contrast to form controls

Co-authored-by: Joshua Tauberer <jt@occams.info>
2021-09-19 09:53:03 -04:00
mailinabox-contributor
91079ab934
add numeric flag value to DNSSEC DS status message (#2033)
Some registrars (e.g. Porkbun) accept Key Data when creating a DS RR,
but accept only a numeric flags value to indicate the key type (256 for KSK, 257 for ZSK).

https://datatracker.ietf.org/doc/html/rfc5910#section-4.3
2021-09-10 16:12:41 -04:00
github@kiekerjan.isdronken.nl
52a5100265 align recidive search time to a week 2021-09-09 22:52:30 +02:00
Joshua Tauberer
e5909a6287 Allow non-admin login to the control panel and show/hide menu items depending on the login state
* When logged out, no menu items are shown.
* When logged in, Log Out is shown.
* When logged in as an admin, the remaining menu items are also shown.
* When logged in as a non-admin, the mail and contacts/calendar instruction pages are shown.

Fixes #1987
2021-09-06 09:23:58 -04:00
Joshua Tauberer
26932ecb10 Add a 'welcome' panel to the control panel and make it the default page instead of the status checks which take too long to load
Fixes #2014
2021-09-06 09:23:58 -04:00
Joshua Tauberer
e884c4774f Replace HMAC-based session API keys with tokens stored in memory in the daemon process
Since the session cache clears keys after a period of time, this fixes #1821.

Based on https://github.com/mail-in-a-box/mailinabox/pull/2012, and so:

Co-Authored-By: NewbieOrange <NewbieOrange@users.noreply.github.com>

Also fixes #2029 by not revealing through the login failure error message whether a user exists or not.
2021-09-06 09:23:58 -04:00
Joshua Tauberer
53ec0f39cb Use 'secrets' to generate the system API key and remove some debugging-related code
* Rename the 'master' API key to be called the 'system' API key
* Generate the key using the Python secrets module which is meant for this
* Remove some debugging helper code which will be obsoleted by the upcoming changes for session keys
2021-09-06 09:23:58 -04:00
Joshua Tauberer
700188c443 Roundcube 1.5 RC 2021-09-06 09:23:58 -04:00
KiekerJan
9b39251469 active roundcube markasjunk plugin 2021-09-03 22:23:00 +02:00
github@kiekerjan.isdronken.nl
42e9a5ae69 update readme 2021-09-03 20:40:53 +02:00
github@kiekerjan.isdronken.nl
36897b35ab Update dns blacklist checker 2021-09-03 20:18:30 +02:00
KiekerJan
c4fa84b966 tuning fail2ban 2021-08-29 22:47:29 +02:00
kiekerjan
98c00d1c6a
Merge branch 'mail-in-a-box:main' into master 2021-08-28 13:38:15 +02:00
KiekerJan
63255d321a tuning fail2ban 2021-08-28 13:34:37 +02:00
David Duque
ba80d9e72d
Show backup retention period form when configuring B2 backups (#2024) 2021-08-23 06:25:41 -04:00
Joshua Tauberer
a71a58e816
Re-order DS record algorithms by digest type and revise warning message (#2002) 2021-08-22 14:45:56 -04:00
Joshua Tauberer
67b5711c68 Recommend that DS records be updated to not use SHA1 and exclude MUST NOT methods (SHA1) and the unlikely option RSASHA1-NSEC3-SHA1 (7) + SHA-384 (4) from the DS record suggestions 2021-08-22 14:43:46 -04:00
myfirstnameispaul
20ccda8710 Re-order DS record algorithms by digest type and revise warning message.
Note that 7, 4 is printed last in the status checks page but does not appear in the file, and I couldn't figure out why.
2021-08-22 14:29:36 -04:00
NewbieOrange
0ba841c7b6
fail2ban now supports ipv6 (#2015)
Since fail2ban 0.10.0, ipv6 support has been added. The current Ubuntu 18.04 repository has fail2ban 0.10.2, which does have ipv6 protection.
2021-08-22 14:13:58 -04:00
lamkin
daad122236
Ignore bad encoding in email addresses when parsing maillog files (#2017)
local/domain parts of email address should be standard ASCII or
UTF-8. Some email addresses contain extended ASCII, leading to
decode failure by the UTF-8 codec (and thus failure of the
Usage-Report script)

This change allows maillog parsing to continue over lines
containing such addresses
2021-08-16 11:46:32 -04:00
kiekerjan
60adba79a1
Update README.md 2021-08-16 13:15:33 +02:00
kiekerjan
f20a992bcb
Update README.md 2021-08-16 12:22:39 +02:00
KiekerJan
b036b09eb1 update readme 2021-08-16 12:12:20 +02:00
kiekerjan
19799fd5e6
Create codeql-analysis.yml 2021-08-16 11:53:31 +02:00
kiekerjan
ea452d5441
Merge branch 'mail-in-a-box:main' into master 2021-08-16 11:49:46 +02:00
github@kiekerjan.isdronken.nl
4b260354c2 revert carddav plugin install 2021-08-02 22:47:42 +02:00
github@kiekerjan.isdronken.nl
75f14a0735 make plugin installation of carddav like other git based installs 2021-08-02 22:09:04 +02:00
github@kiekerjan.isdronken.nl
a3b7878ef4 add contextmenu plugin 2021-08-02 00:44:47 +02:00
github@kiekerjan.isdronken.nl
bd9952704a mute re indexing, could be lots of noise on existing installs 2021-08-02 00:27:45 +02:00
KiekerJan
cf6eac0d0c add nginx security headers 2021-08-02 00:05:12 +02:00
KiekerJan
1f35158211 use predefined DHE field groups 2021-08-01 23:09:59 +02:00
github@kiekerjan.isdronken.nl
dbf029b399 remove old ciphers from postfix 2021-08-01 22:49:25 +02:00
KiekerJan
87be897d36 update DH security to 4096 2021-08-01 21:52:37 +02:00
KiekerJan
f6450c1cae update obsolete settings 2021-07-31 21:43:25 +02:00
KiekerJan
104d40e819 add alternative sshd port to ssh jail 2021-07-31 21:42:57 +02:00
KiekerJan
128541d506 add alternative sshd port to ssh jail 2021-07-31 21:36:38 +02:00
NewbieOrange
21ad26e452
Disable auto-complete for 2FA code in the control panel login form (#2013) 2021-07-28 16:39:40 -04:00
KiekerJan
485ca18f35 Merge branch 'master' of github.com:kiekerjan/mailinabox 2021-07-26 10:05:28 +02:00
KiekerJan
aa360ee0c4 setup home for dovecot user outside ho
mail dir
2021-07-26 10:05:19 +02:00
KiekerJan
fa66b767af add debugging info to email admin tool 2021-07-26 10:04:35 +02:00
github@kiekerjan.isdronken.nl
75390e11fd cleanup 2021-07-24 21:19:01 +02:00
github@kiekerjan.isdronken.nl
efdd1f2442 initial work on configurable backup folder 2021-07-19 23:18:39 +02:00
github@kiekerjan.isdronken.nl
1315e02cba mail homes and correct use of STORAGE PATH 2021-07-19 21:41:50 +02:00
github@kiekerjan.isdronken.nl
afe078ce32 remove compression for dovecot 2021-07-19 21:34:51 +02:00
KiekerJan
af079a1139 enable compression for dovecot mailboxes 2021-07-04 20:09:29 +02:00